Security Basics mailing list archives

Re: Helpdesk as local admin

From: gjgowey () tmo blackberry net
Date: Mon, 5 Feb 2007 16:13:37 +0000

If you're worried about your HelpDesk people I'd look into ris.  It comes with win2k3 server and allows diskless 
installation of os' (network boot).  The people installing don't even need admin rights if you configure ris just so.  
Ris can also take care of automatically naming the systems for you too.

Geoff
Sent from my BlackBerry wireless handheld.  

-----Original Message-----
From: WALI <hkhasgiwale () gmail com>
Date: Sat, 03 Feb 2007 17:58:34 
To:security-basics () securityfocus com
Subject: Helpdesk as local admin

Hi Guys..

So what's the defined best practise regarding HelpDesk personnel be 
given/told local admin account names and passwords on users PC/Workstations 
in order to undertake routine fault finding and applications installation?

Help Desk techies also regularly inserts new workstations into the domain 
hence they need certain privileges to be able to make new workstations join 
the domain. What could be the most secure way given the fact that Servers 
are running Win 2k3 and client machines are a combination of WinXP and Win2k.

Current thread:

Helpdesk as local admin WALI (Feb 05)
- RE: Helpdesk as local admin Scott Ramsdell (Feb 05)
- Re: Helpdesk as local admin gjgowey (Feb 05)
- RE: Helpdesk as local admin Patrick Wade (Feb 05)
- <Possible follow-ups>
- Re: Helpdesk as local admin Henry Troup (Feb 05)
- Re: Helpdesk as local admin htroup (Feb 05)
- RE: Helpdesk as local admin Rolf Huisman (Feb 07)
- RE: Helpdesk as local admin Henry Troup (Feb 07)
- Re: FW: Helpdesk as local admin kevin fielder (Feb 07)